Things that native apps can do trivially but that require explicit permission for accessed in Flash (or the web in general): filesystem read/write, listen in on microphones, spy with webcams, etc etc.
If you have a flash zero day (and they totally exist!), you can do those things, but that significantly raises the difficulty, which reduces the number of attacks you'll actually see in the wild. Most attackers aren't the NSA or Mossad, and resources that they have to spend on getting and exploiting zero days are resources they can't spend on other parts of the exploit chain.
Things that native apps can do trivially but that require explicit permission for accessed in Flash (or the web in general): filesystem read/write, listen in on microphones, spy with webcams, etc etc.
If you have a flash zero day (and they totally exist!), you can do those things, but that significantly raises the difficulty, which reduces the number of attacks you'll actually see in the wild. Most attackers aren't the NSA or Mossad, and resources that they have to spend on getting and exploiting zero days are resources they can't spend on other parts of the exploit chain.